CVE-2006-2591
CVE-2006-2591 concerns e107 before 0.7.5. The Nessus entry specifies that the remote web server contains a PHP script, email.php, allowing an unauthenticated user to send email messages to arbitrary users and largely control their content, enabling spam or abuse through the affected system. There...
Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
Description Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut .lnk file. An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and...
CVE-2004-1021
iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms...
Eudora 6.2.0.7 - Attachment Spoofer
#!/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject: Eudora 6.2.0.7 on Windows spoof\n"; print "MIME-Version: 1.0\n"; print "Content-Type: multipart/mixed; boundary=\"zzz\"\n"; print "X-Use: Pipe the output of this script into: sendmail -i victim\n\n"; print...
Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities
The remote host is using Mozilla and/or Thunderbird, an alternative mail user agent. The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a rogue email t...
CVE-2002-1320
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks "...
HastyMail HTML Attachment Content-Disposition Header XSS
IBM Lotus Domino Server 6 - Web Access Remote Denial of Service
source: https://www.securityfocus.com/bid/10641/info Lotus Domino Server is reported prone to a remote denial of service vulnerability. The issue is reported to exist when a malicious email that is received on the affected server, is opened through the Domino Web Access interface by a client. A...
Eudora 6.0.3 (Windows) - Attachment Spoofing
#!/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject: Eudora 6.0.3 on Windows spoof, LaunchProtect\n"; print "MIME-Version: 1.0\n"; print "Content-Type: multipart/mixed; boundary=\"zzz\"\n"; print "\n"; print "This is a...
iPlanet Messaging Server 5.05.1 - HTML Attachment Cross-Site Scripting
source: https://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via...
hotmailpassport.txt
Hotmail & Passport .NET Accounts Vulnerability. There is a very serious and stupid vulnerability or bad coding in Hotmail / Passport’s .NET Accounts. I tried sending emails several times to Hotmail / Passport contact addresses, but always met with the NLP bots. I guess I don’t need to go in details ...
Ximian Evolution 1.x - UUEncoding Parsing Memory Corruption
source: https://www.securityfocus.com/bid/7117/info The Evolution mail client supports "uuencoded" content and decodes it automatically when a message is initially parsed. A memory corruption error is present in the parsing component tha...
Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution
source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using Outlook, a temporary object is created in the Internet Explorer cach...
OUTLOOK EXPRESS 6.00: broken
Saturday, February 22, 2003 Technical silent delivery and installation of an executable no client input other than reading an email or viewing a newsgroup message. Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever. This should not be possible. When viewing an email message or a newsgroup...
Hypermail buffer overflows
PROGRAM: Hypermail HOMEPAGE: http://www.hypermail.org/ SOURCEFORGE PAGE: http://sourceforge.net/projects/hypermail/ VULNERABLE VERSIONS: 2.1.3, 2.1.4, 2.1.5, possibly others IMMUNE VERSIONS: 2.1.6 DESCRIPTION: "Hypermail 2 is a much enhanced version of the popular tool...
Mhonarc 2.5.x - Mail Header HTML Injection
source: https://www.securityfocus.com/bid/6204/info A HTML injection vulnerability has been discovered in Mhonarc. An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the...
Pine 4.x - From: Heap Corruption
source: https://www.securityfocus.com/bid/6120/info A heap corruption may occur when Pine receives an email message containing a particularly crafted "From:" address. Though the address is RFC compliant, Pine reportedly fails to parse it correctly, resulting in a...
Alleged Outlook Express 56 Link - Denial of Service
source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...
ISS Security Brief: Multiple Vulnerabilities in Microsoft Office Web Components
Internet Security Systems Security Aler...
Winhelp32 Remote Buffer Overrun
NGSSoftware Insight Security Research Advisory Name: Winhlp32.exe Remote BufferOverrun Systems Affected: Win2K Platform Severity: Critical Category: Remote Buffer Overrun Vendor URL: http://www.mircosoft.com Author: Mark Litchfield [email protected]...